Ferrous Moon
http://www.ferrousmoon.com:80/forums/

log deleter version 3 >.<
http://www.ferrousmoon.com:80/forums/viewtopic.php?f=52&t=1559
Page 1 of 2

Author:  Azurozeta [Mon Oct 27, 2008 8:56 pm ]
Post subject:  log deleter version 3 >.<

This mission used a log deleter v3 and I need to recover the original log. I detected an anomaly in the dates of these logs (the top log is a somewhat old log) but I don't know where to apply the log undeleter. It is indeed difficult T_T

Author:  Mursu [Tue Oct 28, 2008 2:41 am ]
Post subject:  Re: log deleter version 3 >.<

Version 3: Copies another legitimate access log over the target. Difficult to detect. 2000c / 1Gq

Well, I'd use it on every log, but according to this there should be two identical logs, and the other one is a fake.

Btw, I don't suggest buying v 2.0 or 3.0 log deleters, since they're not really better than v 1.0. Just use 1.0 'til you can afford a 4.0.

Author:  Azurozeta [Tue Oct 28, 2008 4:19 am ]
Post subject:  Re: log deleter version 3 >.<

Nah, I'm on a mission to trace an unauthorized transfer. In the statement list, the top log (should be the most recent log) is somewhat old, so I assume the hacker used log deleter v3 to cover his tracks. My question is how to uncover his real trail?

Author:  Hawk_v3 [Tue Oct 28, 2008 9:40 am ]
Post subject:  Re: log deleter version 3 >.<

Log undeleter?

Author:  Miah [Tue Oct 28, 2008 11:09 am ]
Post subject:  Re: log deleter version 3 >.<

Followed by IP_Lookup

Author:  Azurozeta [Tue Oct 28, 2008 11:41 am ]
Post subject:  Re: log deleter version 3 >.<

That's what I'm saying. Log undeleter doesn't work. I even tried all logs on the list and I can't get any IP address I can look up.

Author:  Miah [Tue Oct 28, 2008 12:57 pm ]
Post subject:  Re: log deleter version 3 >.<

If you accept the mission too long after it's posted, you won't be able to do it at all.

You can't expect hackers to lay down for you and leave their tracks out in the open.

Author:  Azurozeta [Tue Oct 28, 2008 7:40 pm ]
Post subject:  Re: log deleter version 3 >.<

So I'm left with a mission I can't deal with T_T what a pain.

Author:  Azurozeta [Tue Oct 28, 2008 8:04 pm ]
Post subject:  Re: log deleter version 3 >.<

But I thought it's still solvable, because he used log deleter v3, which is still possible to detect. The log list looks like this:

03-03-2010 Uplink montly fee <<< a really out-of-place log, judging by the date
22-03-2010 Transfer 400c to X
16-03-2010 Transfer 200c to Y
11-03-2010 Transfer 50c to Z
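
The date anomaly described in this post can be checked mechanically. The following is an added example, not part of the original post or of the game: it takes the four statement lines quoted above as constructed sample input, assumes the list is meant to be newest-first, and uses hypothetical function names (`parse`, `out_of_place`, `report`) to find which slots fall outside the longest date-consistent run.

```python
from datetime import datetime

# Constructed sample: the four statement lines quoted in the post above,
# assumed to be listed newest-first as the thread describes.
SAMPLE = """\
03-03-2010 Uplink montly fee
22-03-2010 Transfer 400c to X
16-03-2010 Transfer 200c to Y
11-03-2010 Transfer 50c to Z
"""

def parse(text):
    """Return [(date, description)] from 'DD-MM-YYYY description' lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, _, desc = line.strip().partition(" ")
        entries.append((datetime.strptime(stamp, "%d-%m-%Y").date(), desc))
    return entries

def out_of_place(entries):
    """Indexes of entries outside the longest newest-first (non-increasing) run.

    Comparing neighbours only would blame the entry after an overwritten
    slot; the longest consistent subsequence isolates the slot itself.
    """
    n = len(entries)
    if n == 0:
        return []
    best = [1] * n    # best[i]: length of the longest consistent run ending at i
    prev = [-1] * n   # prev[i]: previous index in that run, -1 if none
    for i in range(n):
        for j in range(i):
            if entries[j][0] >= entries[i][0] and best[j] + 1 > best[i]:
                best[i], prev[i] = best[j] + 1, j
    i = max(range(n), key=best.__getitem__)
    keep = set()
    while i != -1:    # walk the run backwards to collect consistent slots
        keep.add(i)
        i = prev[i]
    return [k for k in range(n) if k not in keep]

def report(text):
    """(slot, ISO date, description) for every out-of-place entry."""
    entries = parse(text)
    return [(i, entries[i][0].isoformat(), entries[i][1])
            for i in out_of_place(entries)]

if __name__ == "__main__":
    for idx, day, desc in report(SAMPLE):
        print(f"slot {idx}: {day} {desc!r} breaks newest-first order")
```

A copied entry whose date still fits the surrounding order is not flagged by this check; it only catches overwrites that disturb the chronology.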

Author:  Azurozeta [Tue Nov 04, 2008 4:02 am ]
Post subject:  Re: log deleter version 3 >.<

Hey, Miah, when I think about it, there is no way that the hacker can go without a trace. You see, when he establishes a connection to the target computer to delete logs, he'll leave logs upon connecting and closing the connection. Even if he logs back in again and deletes those 2 logs, he'll leave 2 new, more recent logs, and we can just trace it by determining that IP. I mean, if it's not us, it's got to be the enemy :p

Author:  Vaius [Tue Nov 04, 2008 9:55 am ]
Post subject:  Re: log deleter version 3 >.<

Yeah, he can go without a trace. He just has to break the connection in the middle. And use deleter v4.

ex: Me. Every hack, the first bounce point is InterNIC. That way, I directly connect there and delete all the logs (except for "connection established/destablished from 127.0.0.1") to break the chain (InterNIC neither passively nor actively traces you). I haven't been caught when doing this.

Author:  Azurozeta [Tue Nov 04, 2008 10:38 am ]
Post subject:  Re: log deleter version 3 >.<

I know, but that's for the admin passive trace. I'm talking about YOU who is tracing. You know the mission "trace a hacker who recently broke our system", don't you? Even if you delete the log using the V4 log deleter, there will be "connection establish from 127.0.0.1" and the connection close. In real life, you're practically safe, because that log is not enough evidence to warrant your arrest, but in Onlink, I can just report your name and then the company that hired me will acknowledge it with 'mission successful', as if they knew who hacked them in the first place. You get my point? Even if there is no evidence left, you can throw every name in the international social database until you get the right one.

Author:  Miah [Tue Nov 04, 2008 10:44 am ]
Post subject:  Re: log deleter version 3 >.<

When did the admin EVER do his own passive trace?

You might notice that after you do a high profile hit (typically a wipe) that about 30% of the time a trace-a-hacker mission shows up on the queue that you cannot accept.

You can't accept it, because you are the target. Victims hire agents from Uplink.

Author:  Azurozeta [Tue Nov 04, 2008 11:56 am ]
Post subject:  Re: log deleter version 3 >.<

That's what I'm saying, Miah. It is said that if the mission to trace a hacker is 1-2 days old, that mission will become impossible to finish. Well, I find it possible. Other Uplink hackers might not be able to catch us, but we can catch them, even if it's 3 days old. Why? Because the log "connection established from xxx" is only created by a hacker; if it's not us, then it's them. Other users are connected by miracle; the log only says "xxx accessed file" but there isn't any connection established and closed log.

Author:  Vaius [Sun Nov 09, 2008 12:22 am ]
Post subject:  Re: log deleter version 3 >.<

Quote:
When did the admin EVER do his own passive trace?

You might notice that after you do a high profile hit (typically a wipe) that about 30% of the time a trace-a-hacker mission shows up on the queue that you cannot accept.

You can't accept it, because you are the target. Victims hire agents from Uplink.

You know, for some reason that reminds me of an extremely coincidental experience I had in the Uplink demo.

I had accepted my first mission. Protovision wanted me to steal a file from the Keytron Corp Internal Services Machine. I completed it, and the next mission I accepted, Keytron Corp wanted me to delete a file from the Protovision Internal Services Machine.

Strange, isn't it? :lol:

All times are UTC-05:00